Re: [Tinycc-devel] Re: Memory bug in tcc

tinycc-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Tinycc-devel] Re: Memory bug in tcc

From:	grischka
Subject:	Re: [Tinycc-devel] Re: Memory bug in tcc
Date:	Tue, 28 Oct 2008 00:14:41 +0100
User-agent:	Thunderbird 1.5.0.10 (Windows/20070221)

Cristian Cadar wrote:

  Hello, I'd like to report a bug in the latest version of tcc (0.9.24)
that we found using an automated tool being developed in our group.
  The error is at tcc.c:3801.  The first time execution reaches this
line, the index c into array isidnum_table has value -1, thus accessing

data outside the intended buffer isidnum_table.


Thanks. It was fixed in May this year ;)
http://repo.or.cz/w/tinycc.git?a=commitdiff;h=2c6cd08b

--- grischka

I assume the while loop
should be changed to while (c != -1 && isidnum_table[c]), but I didn't
have time to examine the code in much detail.  Here is the output of a
gdb session that shows the bug:

$ gdb ./tcc...

(gdb) b tcc.c:3801
Breakpoint 1 at 0x80582f0: file tcc.c, line 3801.
(gdb) r
...
Breakpoint 1, next_nomacro1 () at tcc.c:3801
3801                while (isidnum_table[c]) {
(gdb) p c
$1 = -1

Thank you,

  Cristian




_______________________________________________
Tinycc-devel mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/tinycc-devel

[Prev in Thread]

Current Thread

[Next in Thread]

[Tinycc-devel] Re: Memory bug in tcc, Cristian Cadar, 2008/10/25
- Re: [Tinycc-devel] Re: Memory bug in tcc, grischka <=

Prev by Date: [Tinycc-devel] Re: Memory bug in tcc
Previous by thread: [Tinycc-devel] Re: Memory bug in tcc
Index(es):
- Date
- Thread